Node Day - Node.js Security in the Enterprise
Adam Baldwin talks about Node.js security in the enterprise for Node Day 2014 hosted at PayPal

Published in: Technology

  1. Node.js Security in the Enterprise
  2. Hi, I'm Adam
  3. Node Security Project
  4. @adam_baldwin @liftsecurity @nodesecurity @evilpacket
  5. Node.js Security in the Enterprise
  6. Enterprise Security in 3 min: Protect what makes you money. Availability is security. Measure & Iterate. It's not about the vulnerability. You will screw it up anyway.
  7. What this talk is about: Being informed & Prepared. The node security landscape. It's all node's fault.
  8. Communication
  9. Understand what the enterprise cares about, then do better.
  10. The enterprise should understand you and do better.
  11. Gathering Intel
  12. nodejs-sec announcements: https://groups.google.com/forum/#!forum/nodejs-sec
  13. Node Security Project
  14. Advisories
  15. Understanding the node.js security landscape
  16. The Enterprise is responsible for what you require()
  17. Technical Controls
  18. Linting: npm install precommit-hook
  19. Test Cases. You do this right?
  20. npm shrinkwrap: POST /validate/shrinkwrap and GET /validate/:module_name/:version
  21. npm shrinkwrap example: curl -X POST https://nodesecurity.io/validate/shrinkwrap -d @npmshrinkwrap.json -H "content-type: application/json"
  22. retire.js: Scan a web app or node app for use of vulnerable JavaScript libraries and/or node modules. http://bekk.github.io/retire.js/
  23. What is the greatest vulnerability that you have in the enterprise?
  24. Is it one of the .... OWASP Top 10?
  25. Every Developer on your team.
  26. Peer Review
  27. Peer Review
  28. Peer Review
  29. Peer Review
  30. Blame Node. It's just how we do things.™
  31. </PRESENTATION> @adam_baldwin | @LiftSecurity
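As an added example (not code from the talk or from the Node Security Project), a self-contained Node.js script showing what the two validation endpoints on slide 20 do conceptually: flatten the pinned dependency tree of an npm-shrinkwrap.json, including transitive modules, and check each module@version against an advisory list. The shrinkwrap, the advisory entries and the "patched version" advisory format are constructed assumptions for the example.

```javascript
// Added example: local equivalent of "GET /validate/:module_name/:version"
// and "POST /validate/shrinkwrap". All data below is constructed sample data.

const SAMPLE_SHRINKWRAP = {
  name: 'example-app', version: '1.0.0',
  dependencies: {
    express: { version: '3.4.0',
      dependencies: { connect: { version: '2.9.0' } } },
    qs: { version: '0.6.5' },
    lodash: { version: '2.4.1' },
  },
};

// Constructed advisories: module name plus the first version that is fixed.
const SAMPLE_ADVISORIES = [
  { module: 'qs', patched: '0.6.6', title: 'sample: DoS via deeply nested object' },
  { module: 'connect', patched: '2.8.1', title: 'sample: fixed before pinned version' },
];

// Numeric semver compare: negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// Single-module check (the GET endpoint): affected when the pinned
// version is older than the advisory's patched version.
function isVulnerable(module, version, advisories) {
  return advisories.some((adv) =>
    adv.module === module && compareVersions(version, adv.patched) < 0);
}

// Walk nested "dependencies" objects recursively; transitive modules count,
// because the enterprise is responsible for everything require() pulls in.
function flattenShrinkwrap(wrap, path = [], out = []) {
  for (const [name, info] of Object.entries(wrap.dependencies || {})) {
    const chain = path.concat(name);
    out.push({ module: name, version: info.version, path: chain.join(' > ') });
    flattenShrinkwrap(info, chain, out);
  }
  return out;
}

// Whole-tree check (the POST endpoint): returns the affected pins.
function validateShrinkwrap(wrap, advisories) {
  return flattenShrinkwrap(wrap).filter((dep) =>
    isVulnerable(dep.module, dep.version, advisories));
}

console.log(JSON.stringify(validateShrinkwrap(SAMPLE_SHRINKWRAP, SAMPLE_ADVISORIES), null, 2));
```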
